A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS … The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack.

I wish people would include file hashes as text as well as screenshots: it’s a little exasperating having to type a hash like 9c4f74feff131fa93dd04175795f334649ee91ad7fce11dc661231254e1ebd84 from a screenshot in order to make use of it for further research. Much less error-prone if you can copy and paste a text string. 😉

Anyway, VirusTotal currently reports that two companies now detect that adware.